►
From YouTube: Contour Community Meeting - June 23, 2020
Description
June 23, 2020
What have we been working on?
Introducing Steve Kriss to the team
(stevesloka) Ingress Class for Kubernetes v1 Ingress Spec: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
(stevesloka) Replace XDS Server with go-control-plane
(skriss) Bug fix for issue where some routes would be dropped if they had overlapping header conditions with another route
(skriss) Added some more validations for header conditions (disallow conflicting exact+notexact, contains+notcontains)
(stevesloka) Envoy Security Release v1.14.3
A
A
B
Everyone
I'm
Steve,
he
can
call
me
new
Steve,
keep
things
try
and
keep
things
clear.
Yes,
I'm
joining
the
contour
team.
I
was
previously
working
on
the
velaro
project,
which
is
another
one
of
the
VMware
tendu
open-source
projects
and
I
was
the
tech
lead
on
that
project,
so
join
contour
last
week
and
yeah
I'm
excited
to
be
here,
I've
started
to
dig
in
and
then
I'm
going
through
lots
of
examples,
lots
of
of
reading
up
on
things
and
starting
to
submit
a
few
pr's
where
I
can
so
happy
to
be
here.
A
C
So
I
want
to
talk
a
little
bit
about
the
new
ingress
class
stuff
coming
up
for
for
the
ice.
I
always
say
that
the
1
beta
1
ingress,
but
now
it's
gonna
go
to
v1,
so
in
kubernetes,
19,
they're
gonna
bump
the
V
1
beta
1
ingress,
which
has
been
there
and
beta
since
I.
Don't
know
how
many
releases
a
few
years
now
it's
been
a
while
so
they're
gonna,
really
that's
going
to
become
v1,
proper
v1
and
doing
that
there's
a
couple
things
that
got
changed
so
one.
C
Is
they
added
this
idea
of
an
ingress
class?
So,
if
they're
all
familiar
when
you
wanted
to
have
multiple
controllers
in
your
cluster,
you
would
imitate
your
ingress
resources
with
this
ingress
class
and
it
was
never
consistent
because
it
was
just
an
annotation
and
folks.
I
know.
Contour,
supports
I,
think
three
different
versions
of
that
one's,
a
kubernetes
annotation
ones
that
help
do
one
one's
a
project
contour
one.
So
the
idea
of
this
is
having
a
new
ingress
class
resource
and
with
that
resource
you
can
define
what
controller
manages
that
resource.
C
I
just
had
to
work
out
some
of
the
logic,
because
now
you
have
to
support
annotations
and
then
ingress
class
and
then
annotations
take
precedence
over
the
ingress
class
to
let
you
migrate,
easier
and
stuff.
So
what
could
how
that
worked
out
once
we
have
that
and
we'll
write
that
up
and
have
that
out
for
everyone.
So
just
knowing
that
that's
coming
also,
this
ingress
class
model
fits
into
how
the
new
service
API
kind
of
works.
Where
you
have,
you
know
a
class
as
well,
and
then
you
have
resources
off
of
that
class.
C
Next
up
yeah,
so
the
next
one
is
I,
think
contour
back
when
Dave
Cheney
started
this
there
was
I
believe
he
was.
We
were
the
first
or
one
of
the
few
to
have
XDS
in
on
voice
so
on.
When
you
first
started,
it
was
actually
like
a
REST
API
so
on.
C
We
would
go
and
pull
the
control
plane
for
configuration
updates,
and
then
we
switched
to
this
G
RPC
connection,
which
allowed
the
polling
to
go
away,
and
now
we
have
a
rich
connection
between
envoy,
which
is
the
client
and
then
contour,
which
is
the
the
server.
So
that's
worked
well
for
us
for
a
while,
but
we
have
come
up
with
some
some
issues
around
different
scenarios
with
different
different
users
of
contours,
so
some
relate
to
how
we,
how
updates
get
passed
off
to
cluster
isn't
endpoints.
C
So
if
say,
you
did
like
a
Bluegreen
deployment
or
something
like
that.
There
are
some
times
where
the
the
updates
don't
happen
in
the
proper
order.
So
so
again
we're
looking
into
some
ways
we
can
solve
that.
So
some
of
these
are
let's
move
to
it
to
an
existing
implementation.
That's
out
there
in
the
world,
so
lyft
has
one.
It's
called:
go
control
plane,
so
we're
looking
at
what
that
would
look
like
if
we
moved
to
that
implementation
so
I'm,
instead
of
writing
all
the
fixes
in
the
contour
proper.
C
We
can
you
know
upstream
those
efforts
and
then
together
have
a
have
a
better
implementation.
So
this
was
some
work
that
I
was
doing
to
help
or
see
what
this
would
look
like
if
we
move
to
it.
So
it's
still
so
heavy
work
in
progress
just
because
ripping
out
all
that
XDS
code
in
our
and
contoured
plug
plumbing.
This
in
is
no
small
feat
in
a
way,
but
it
looks
pretty
promising
so
far,
I
actually
have
it
working.
C
So
if
you
run
this
it'll
work,
but
all
the
tests
of
it
also
will
see,
but
anything
you
might
let
us
do
is
move
to
ATS
which,
just
today,
contour
opens
up
a
gr,
PC
connection
per
resource,
so
for
clusters
for
CD
s,
endpoints
EDS
and
all
those
different
things
will
open
up
a
different
connection
to
contour.
For
that
a
DES
would
let
us
share
that
connection
and
then
proxy.
C
All
those
resources
over
one
I
believe
it
also
will
help
do
some
ordering
so
that,
if
you
pass
say
a
set
of
endpoints
and
thought
clusters
attached,
it
will
hold
on
to
that
until
all
the
resources
exist
and
then
pass
it
off
as
one
one
big
payload.
So
just
some
work
there
we're
gonna,
look
and
see
how
that
might
fit
really
to
users.
That
should
be
note,
no
change.
You
know
it
should
be
a
seamless
change
behind
the
scenes,
but
just
don't
work
we're
doing
there
to
improve
contour.
D
A
C
B
C
So
so
I
think
part
of
what
Steve
was
doing
was
working
on
understanding
a
bit
of
how
contour
how
our
DP
proxy
resources
work
with
inclusion.
So
inclusion
lets
you
include
path
prefixes
to
other
resources
in
in
kubernetes
or
in
your
in
your
cluster,
as
well
as
header
conditions
right.
So
you
can
route
on.
You
know
any
kind
of
header,
that's
in
the
request.
So
typically
that
could
be
like
a
content,
type
header
or
a
user
agent
to
understand.
Hey
is
this.
You
know
Chrome
or
Firefox,
that
sort
of
thing.
C
We
found
an
issue
where,
if
you
define
multiple
routes
with
the
same
prefixes
and
had
the
header
conditions
overlap,
then
you
get
kind
of
inconsistent
routing
sub
say
you
had
a
path
for
/foo
and
you
say
you
know
the
header
contains
chrome,
but
the
header
does
not
contain
Firefox
like
there
could
be
some
some
conflicting
routes
you
can
create.
So
it's
like
Steve
Steve
has
some
some
issues
or
some
changes
there
to
help
address.
B
Yeah
yeah
thank
thanks
for
covering
that
one
Steve
yeah
the
next
one
was
just
adding
some
more
validations.
So
I
noticed
that
there
were
certain
kind
of
logically
invalid
combinations
of
header
conditions
that
you
could
add.
So
you
could,
you
could
have
a
route.
That
said,
you
know,
route
requests
here
if
the
header
both
contains
foo
and
does
not
contain
foo,
which
you
know
logically,
is
impossible.
B
So
I
just
added
a
couple
of
additional
validations
around
that
to
ensure
that
there
were
no
sort
of
contradictory,
exact
and
not
exact
or
contains,
and
not
contains
conditions
on
the
same
route.
So
definitely
a
you
know
another
edge
case,
but
as
I
was
just
kind
of
playing
around
and
trying
to
understand
things.
This
came
up
for
me
and
it
seemed
like
a
useful
validation
to
add.
D
Got
to
ask
if
there's
an
update
on
to
two
to
five,
which
is
adding
some
more
configuration,
knobs
and
particularly
around
timeouts,
and
because
that's
something
we're
struggling
with
at
the
moment
is
trying
to
debug
by
some
clients
with
long-running
connections
seem
to
have
their
connections
being
terminated,
not
necessarily
on
their
on
the
Envoy
contour
side.
But
only
some
of
the
timeout
seem
to
be
hard-coded
rather
than
their
configurable.
C
Yeah
I
know
I
know
we
chat
about
that
before
and
we
were
gonna
add
some
more
values.
This
probably
good
update
here
yeah,
so
Nick
Nick
proposed
some
some
changes
to
the
contra
configuration
file,
so
we
can
help.
You
know,
allow
you
to
customize
some
of
those
I,
don't
believe
that
any
any
PRS
have
come
up
yet
to
do
that,
but
we
do
have
it
kind
of
scoped
out
in
a
way:
okay,
so
yeah
yeah.
It
was
just
a
matter
of
doing
it
now
at
this
point,
so.
E
D
G
I
have
another
comment
too:
to
bring
the
mood
back
down
a
question
from
a
feedback
from
another
user
so
where
we're
trying
to
go
through
the
process,
if
we
finally
got
to
one
not
three,
we
want
to
go
to
one
four,
one:
five
and
each
time
we
we
get
to
these
releases.
We
we
find
an
issue
that
sort
of
holds
us
off
to
the
next
release.
So
now
we're
waiting
on
one
six,
two
to
resolve
an
issue:
we've
got
we're
running
on
multiple
ports.
G
The
question
is,
and
I
was
going
to
raise
this
through
our
sort
of
formal
VMware
channels
too,
but
you
know:
can
we
when
we
get
these
issues,
so
we're
gonna,
try
and
build
from
master
more
frequently
to
actually
test
this
stuff
out
before
we
actually
get
the
releases,
but
where
we
find
challenges
with
releases,
is
there
any
openness
to
doing
dot
releases
afterwards
to
fix
issues?
So
we
have
for
the
for
the
multiple
ports
issue,
james
merged,
to
fix
you
know
very
quickly,
but
we're
still
waiting
for
the
release
to
come
out.
G
E
G
Again,
I
think
James
was
involved
with
that,
one
that
that
stopped
us
from
going
to
one
five
I
think
so
it
just
maybe
it
has
been
there
the
last
couple
of
releases,
but
it
feels
like
we.
We
sort
of
wait
for
a
release
that
drops
and
then,
when
you
find
the
issue
which
then
defers
this
again,
so
we're
sort
of
now
a
fair
way
behind
so
yeah.
That's
that's
the
main
thing:
okay,.
F
Michael
there's
been
a
decent
amount
of
internal
debate
because
if
we
start
to
release
patches
for
former
versions
than
that
implies,
a
support
policy
for
more
than
we
might
be
able
to
take
on
par
is
the
open
source
community
and
so
that's
sort
of
the
balance
we've
been
we've
been
considering,
and
we
haven't
talked
about
it
in
probably
a
couple
months,
but
that's
that's.
The
topic
keeps
coming
up,
but
I
think
your
your
feedbacks
really
good.
For
next
time
we
talked
about
it,
which
other
cookies,
okay,.
G
E
About
two
votes:
shy
from
getting
to
incubation
stage
in
scene,
CF
I
think
you
know
the
same.
Cftc
has
been
fatigued
with
emails
and
lots
of
things
happen
organizationally.
So
we
haven't
been
pushing
hard.
You
know,
I,
know
you're
aware,
but
I
was
some
internet
for
harbors,
so
I've
been
trying
to
get
Harbor
in
since
that
was
a
graduation
project
and
that
announced
I
mean
that's.
What
I
was
doing
like
literally
I
was
late
to
this
meeting
had
to
review
some
press
releases,
but
Harbor
graduated
today.
Officially
so.
D
D
E
Just
a
matter
of
you
know
getting
folks
to
focus
on
one
project
at
a
time
a
lot
of
these
projects.
They
have
20
30,
page
documents
that
everyone
has
to
review,
and
you
know
this
time
scarce.
So
it's
kind
of
hard
to
do
allocate
time
to
do
this
and
we
haven't
been
pushing
much
because
we
understand
that
this
is
you
know
between
coffees
and
other
issues,
happen
in
the
u.s.
and
all
this
project
stuff
going
on
and
changing
the
CN
CF
ahead.